refacil-pay-mcp 1.1.32 → 1.1.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +448 -33
- package/dist/core/resources.js +24 -3
- package/dist/core/resources.js.map +1 -1
- package/dist/core/tools.d.ts +2 -0
- package/dist/core/tools.js +221 -47
- package/dist/core/tools.js.map +1 -1
- package/dist/index.js +2 -2
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -4,7 +4,7 @@ Servidor MCP (Model Context Protocol) generado automáticamente para la API refa
|
|
|
4
4
|
|
|
5
5
|
## 🚀 Características
|
|
6
6
|
|
|
7
|
-
- **
|
|
7
|
+
- **20 herramientas** generadas automáticamente desde la colección Postman
|
|
8
8
|
- **Autenticación flexible**: Username/Password con renovación automática de tokens
|
|
9
9
|
- **Servidor HTTP** con Fastify
|
|
10
10
|
- **Protocolo MCP** estándar para integración con IDEs
|
|
@@ -353,14 +353,16 @@ The table below lists the available payment methods along with their correspondi
|
|
|
353
353
|
| `262` | Cash-in via **PSE Gateway** | 1,800 |
|
|
354
354
|
| `153` | Cash-in via **Recaudo Efectivo** | 86,400 |
|
|
355
355
|
| `163` | Cash-in via **TPaga** | 43,200 |
|
|
356
|
-
| `248` | Cash-in via **QR
|
|
356
|
+
| `248` | Cash-in via **QR Dinámico** (QR Interoperable dinámico) | N/A |
|
|
357
|
+
| `280` | Cash-in via **QR Híbrido** (QR Interoperable híbrido con monto, cantidad de usos y fecha de expiración variables) | N/A |
|
|
357
358
|
| `250` | Cash-in via **Llaves Bre-B** | N/A |
|
|
358
359
|
| `273` | Cash-in via **Tarjetas** (Débito y Crédito) | 3,600 |
|
|
359
360
|
| `277` | Cash-in via **Whatsapp** | 2,592,000 |
|
|
360
361
|
|
|
361
362
|
> ⚠ **Important:**
|
|
362
363
|
The value provided in the expiresIn field **must be greater than or equal** to the minimum expiration defined for the selected payment method.
|
|
363
|
-
> For **QR
|
|
364
|
+
> For **QR Dinámico (ID 248)**, the `expiresIn` parameter **must be omitted**. If provided, the system will **ignore it automatically**. The resource expires at the **end of the day on which it is generated** (23:59:59 America/Bogota).
|
|
365
|
+
> For **QR Híbrido (ID 280)**, the `expiresIn` parameter **must be omitted**. If provided, the system will **ignore it automatically**. The resource expiration is determined by the `expirationDate` parameter configured in the request.
|
|
364
366
|
> For **Llaves Dinámicas Bre-B (ID 250)**, the `expiresIn` parameter **must be omitted**. If provided, the system will **ignore it automatically**. The key has a **fixed validity period of 10 minutes** from the moment of creation, determined by the server configuration.
|
|
365
367
|
|
|
366
368
|
|
|
@@ -531,7 +533,58 @@ If the request is made from a desktop or tablet, it is recommended to send `isQr
|
|
|
531
533
|
|
|
532
534
|
---
|
|
533
535
|
|
|
534
|
-
### **QR Interoperable**
|
|
536
|
+
### **QR Interoperable Dinámico**
|
|
537
|
+
|
|
538
|
+
> ⚠ **Prerequisite:**
|
|
539
|
+
The merchant must complete the **Merchant Enrollment** process before using this method.
|
|
540
|
+
See the _Merchant Enrollment_ section for setup details.
|
|
541
|
+
|
|
542
|
+
> 🔁 **Open Resource:**
|
|
543
|
+
The **QR Interoperable Dinámico** operates as an _open resource_, meaning the generated QR can be used multiple times by the same user.
|
|
544
|
+
|
|
545
|
+
> ⚙️ **Technical Note — Dynamic QR Behavior:**
|
|
546
|
+
Dynamic QR codes may be scanned multiple times due to current limitations in the Redeban system.
|
|
547
|
+
This is **not** an error in our platform.
|
|
548
|
+
|
|
549
|
+
> 🕐 **Expiration Behavior:**
|
|
550
|
+
The `expiresIn` parameter **does not apply** to this payment method and should be **omitted** from the request.
|
|
551
|
+
If a value is sent, the system will **ignore it automatically**.
|
|
552
|
+
The QR resource expiration is controlled exclusively by the provider (Redeban) and is always set to the **end of the day on which the resource is generated** (23:59:59 America/Bogota).
|
|
553
|
+
|
|
554
|
+
|
|
555
|
+
#### Behavior Details
|
|
556
|
+
|
|
557
|
+
- Redeban does not automatically invalidate a dynamic QR after its first scan.
|
|
558
|
+
|
|
559
|
+
- As a result, the same QR may generate multiple transaction records.
|
|
560
|
+
|
|
561
|
+
|
|
562
|
+
#### Recommendations
|
|
563
|
+
|
|
564
|
+
- Implement **application-level validation** to detect multiple payments from the same QR code.
|
|
565
|
+
|
|
566
|
+
- Monitor dynamic QR transactions and confirm status before marking payments as completed.
|
|
567
|
+
|
|
568
|
+
- Inform end-users to verify the success of a transaction before rescanning.
|
|
569
|
+
|
|
570
|
+
|
|
571
|
+
#### Future Considerations
|
|
572
|
+
|
|
573
|
+
- Redeban is evaluating support for **single-use dynamic QR control**.
|
|
574
|
+
|
|
575
|
+
- Stay updated with interoperability provider announcements to adjust integrations accordingly.
|
|
576
|
+
|
|
577
|
+
|
|
578
|
+
#### Request Structure
|
|
579
|
+
|
|
580
|
+
``` json
|
|
581
|
+
"paymentMethod": {
|
|
582
|
+
"id": 248
|
|
583
|
+
}
|
|
584
|
+
|
|
585
|
+
```
|
|
586
|
+
|
|
587
|
+
#### Optional Fields
|
|
535
588
|
|
|
536
589
|
For this method, the following fields are **optional**:
|
|
537
590
|
|
|
@@ -547,57 +600,84 @@ For this method, the following fields are **optional**:
|
|
|
547
600
|
The service can function using only the payment method ID; however, providing these optional fields can **improve response time**.
|
|
548
601
|
You may retrieve this data through the `enrollment-data` service in the [Merchant Enrollment](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#8c9f5a18-a19a-4b8f-baba-cd7501aa29a0) section.
|
|
549
602
|
|
|
603
|
+
---
|
|
604
|
+
|
|
605
|
+
### **QR Interoperable Híbrido**
|
|
606
|
+
|
|
550
607
|
> ⚠ **Prerequisite:**
|
|
551
608
|
The merchant must complete the **Merchant Enrollment** process before using this method.
|
|
552
609
|
See the _Merchant Enrollment_ section for setup details.
|
|
553
610
|
|
|
554
|
-
> 🔁 **
|
|
555
|
-
The **QR Interoperable**
|
|
611
|
+
> 🔁 **Reusable Resource:**
|
|
612
|
+
The **QR Interoperable Híbrido** can be scanned up to the number of times specified in `quantityUses`.
|
|
556
613
|
|
|
557
|
-
> ⚙️ **Technical Note —
|
|
558
|
-
|
|
614
|
+
> ⚙️ **Technical Note — Hybrid QR Behavior:**
|
|
615
|
+
The Hybrid QR is a static QR code with a pre-set fixed amount. It generates a closed payment URL valid for a defined number of uses and time period.
|
|
559
616
|
This is **not** an error in our platform.
|
|
560
617
|
|
|
561
618
|
> 🕐 **Expiration Behavior:**
|
|
562
619
|
The `expiresIn` parameter **does not apply** to this payment method and should be **omitted** from the request.
|
|
563
620
|
If a value is sent, the system will **ignore it automatically**.
|
|
564
|
-
The QR
|
|
621
|
+
The QR validity period is controlled by the `expirationDate` parameter sent in the request.
|
|
565
622
|
|
|
566
623
|
|
|
567
624
|
#### Behavior Details
|
|
568
625
|
|
|
569
|
-
-
|
|
626
|
+
- The QR is valid until it reaches the maximum number of scans defined in `quantityUses` or until the `expirationDate`, whichever comes first.
|
|
570
627
|
|
|
571
|
-
-
|
|
628
|
+
- Once the usage limit or expiration date is reached, the QR is automatically invalidated.
|
|
572
629
|
|
|
573
630
|
|
|
574
631
|
#### Recommendations
|
|
575
632
|
|
|
576
|
-
-
|
|
633
|
+
- Set a `quantityUses` value appropriate for your use case (1–3 uses).
|
|
577
634
|
|
|
578
|
-
-
|
|
635
|
+
- Set a realistic `expirationDate` to avoid leaving open QR codes active longer than intended.
|
|
579
636
|
|
|
580
|
-
-
|
|
637
|
+
- Monitor hybrid QR transactions and confirm status before marking payments as completed.
|
|
581
638
|
|
|
582
639
|
|
|
583
640
|
#### Future Considerations
|
|
584
641
|
|
|
585
|
-
- Redeban is evaluating support for **single-use dynamic QR control**.
|
|
586
|
-
|
|
587
642
|
- Stay updated with interoperability provider announcements to adjust integrations accordingly.
|
|
588
643
|
|
|
589
644
|
|
|
645
|
+
#### Required Parameters
|
|
646
|
+
|
|
647
|
+
These parameters are **required** for QR Interoperable Híbrido:
|
|
648
|
+
|
|
649
|
+
| **Field** | **Type** | **Required** | **Valid values** | **Description** |
|
|
650
|
+
| --- | --- | --- | --- | --- |
|
|
651
|
+
| `quantityUses` | `string` | ✅ | `"1"`, `"2"` or `"3"` | Maximum number of times the QR can be scanned/used. Must be sent as a numeric string. |
|
|
652
|
+
| `expirationDate` | `string` | ✅ | `YYYY-MM-DD` format, from today up to `2100-12-31` | Date until which the QR remains valid. Must be a real calendar date. |
|
|
653
|
+
|
|
654
|
+
#### Request Structure
|
|
655
|
+
|
|
590
656
|
``` json
|
|
591
657
|
"paymentMethod": {
|
|
592
|
-
"id":
|
|
593
|
-
"
|
|
594
|
-
"
|
|
595
|
-
"documentNumber": "string",
|
|
596
|
-
"merchantId": "string"
|
|
658
|
+
"id": 280,
|
|
659
|
+
"quantityUses": "2",
|
|
660
|
+
"expirationDate": "2027-12-31"
|
|
597
661
|
}
|
|
598
662
|
|
|
599
663
|
```
|
|
600
664
|
|
|
665
|
+
#### Optional Fields
|
|
666
|
+
|
|
667
|
+
For this method, the following fields are **optional**:
|
|
668
|
+
|
|
669
|
+
- `cellphone`
|
|
670
|
+
|
|
671
|
+
- `documentNumber`
|
|
672
|
+
|
|
673
|
+
- `documentType`
|
|
674
|
+
|
|
675
|
+
- `merchantId`
|
|
676
|
+
|
|
677
|
+
|
|
678
|
+
The service can function using only the payment method ID and the required parameters; however, providing these optional fields can **improve response time**.
|
|
679
|
+
You may retrieve this data through the `enrollment-data` service in the [Merchant Enrollment](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#8c9f5a18-a19a-4b8f-baba-cd7501aa29a0) section.
|
|
680
|
+
|
|
601
681
|
---
|
|
602
682
|
|
|
603
683
|
### **Llaves** Dinámicas **Bre-B**
|
|
@@ -721,11 +801,11 @@ For this method, the following fields are **optional**:
|
|
|
721
801
|
|
|
722
802
|
``` json
|
|
723
803
|
"paymentMethod": {
|
|
724
|
-
"id": 277,
|
|
725
|
-
"cellphone": "string",
|
|
726
|
-
"pdfUrl": "string",
|
|
727
|
-
"whatsappAccountId": "string",
|
|
728
|
-
"templateName": "string"
|
|
804
|
+
"id": 277, // required
|
|
805
|
+
"cellphone": "string", // required
|
|
806
|
+
"pdfUrl": "string", // optional
|
|
807
|
+
"whatsappAccountId": "string", // required
|
|
808
|
+
"templateName": "string" // optional
|
|
729
809
|
}
|
|
730
810
|
|
|
731
811
|
```
|
|
@@ -736,7 +816,7 @@ For this method, the following fields are **optional**:
|
|
|
736
816
|
| --- | --- | --- | --- |
|
|
737
817
|
| `amount` | number | ✅ | Value of the payment. |
|
|
738
818
|
| `brandId` | number | ❌ | ID of the customer's white label; if one is not available, the default ID 79 is sent. |
|
|
739
|
-
| `expiresIn` | number | ❌ | Time in seconds for the expiration of the resource or payment link. Not applicable for **QR
|
|
819
|
+
| `expiresIn` | number | ❌ | Time in seconds for the expiration of the resource or payment link. Not applicable for **QR Dinámico (ID 248)**, **QR Híbrido (ID 280)** and **Llaves Dinámicas Bre-B (ID 250)** — if provided, the system ignores it. For QR products, expiration is set to end of day; for Llaves Dinámicas Bre-B, expiration is always 10 minutes from creation. |
|
|
740
820
|
| `paymentMethod` | object | ✅ | Object specifying the payment method and its details. |
|
|
741
821
|
| `paymentMethod.id` | number | ✅ | ID of the selected payment method (see available payment methods). |
|
|
742
822
|
| `reference1` | string | ✅ | Customer identifier, must be between 1 and 36 characters. |
|
|
@@ -757,16 +837,16 @@ For this method, the following fields are **optional**:
|
|
|
757
837
|
| Name | Type | Description |
|
|
758
838
|
| --- | --- | --- |
|
|
759
839
|
| body | string | Body del request |
|
|
760
|
-
| expiresIn | number | Campo del body: expiresIn |
|
|
761
|
-
| paymentMethod | object | Campo del body: paymentMethod |
|
|
762
|
-
| userMetadata | object | Campo del body: userMetadata |
|
|
763
840
|
| amount | number | Campo del body: amount |
|
|
764
841
|
| brandId | number | Campo del body: brandId |
|
|
765
|
-
|
|
|
766
|
-
| returnUrl | string | Campo del body: returnUrl |
|
|
767
|
-
| showSummary | boolean | Campo del body: showSummary |
|
|
842
|
+
| paymentMethod | object | Campo del body: paymentMethod |
|
|
768
843
|
| reference1 | string | Campo del body: reference1 |
|
|
769
844
|
| reference2 | object | Campo del body: reference2 |
|
|
845
|
+
| returnUrl | string | Campo del body: returnUrl |
|
|
846
|
+
| showSummary | boolean | Campo del body: showSummary |
|
|
847
|
+
| userMetadata | object | Campo del body: userMetadata |
|
|
848
|
+
| webhookUrl | string | Campo del body: webhookUrl |
|
|
849
|
+
| expiresIn | number | Campo del body: expiresIn |
|
|
770
850
|
|
|
771
851
|
### `cash_out_generate_withdraw_method_token`
|
|
772
852
|
|
|
@@ -1116,6 +1196,341 @@ For withdraws, a notification will be sent to the webhook provided in the applic
|
|
|
1116
1196
|
| --- | --- | --- |
|
|
1117
1197
|
| reference | string | Campo del body: reference |
|
|
1118
1198
|
|
|
1199
|
+
### `ecommerce_self_register_link`
|
|
1200
|
+
|
|
1201
|
+
<img src="https://content.pstmn.io/d2c9fab1-0bbf-40ea-9022-6cc52b24dbb3/aW1hZ2UucG5n" width="214" height="104">
|
|
1202
|
+
|
|
1203
|
+
This guide explains how **API clients** (eCommerce platforms, marketplaces, plugins) onboard **merchants** (their end customers) and process payments on their behalf through Refácil Pay.
|
|
1204
|
+
|
|
1205
|
+
---
|
|
1206
|
+
|
|
1207
|
+
## Overview
|
|
1208
|
+
|
|
1209
|
+
The eCommerce integration follows three steps:
|
|
1210
|
+
|
|
1211
|
+
1. **Generate a Self Register Link** — Your platform calls the API to obtain a unique registration URL for each merchant.
|
|
1212
|
+
2. **Merchant registration** — The merchant opens the link and completes onboarding in Refácil Pay.
|
|
1213
|
+
3. **API consumption** — After successful registration, process payments using either **direct** or **delegated** integration (see below).
|
|
1214
|
+
|
|
1215
|
+
> **Prerequisites:** Your platform must already be registered with Refácil Pay and have valid API credentials (`Authorization` token from the **Authorization** section).
|
|
1216
|
+
|
|
1217
|
+
---
|
|
1218
|
+
|
|
1219
|
+
## Integration flow
|
|
1220
|
+
|
|
1221
|
+
```
|
|
1222
|
+
┌─────────────────┐ POST /ecommerce/self-register/link ┌──────────────┐
|
|
1223
|
+
│ API client │ ──────────────────────────────────────────► │ Refácil Pay │
|
|
1224
|
+
│ (your platform)│ ◄──────────────── { link } ─────────────────│ │
|
|
1225
|
+
└────────┬────────┘ └──────────────┘
|
|
1226
|
+
│ share link
|
|
1227
|
+
▼
|
|
1228
|
+
┌─────────────────┐ completes registration ┌──────────────┐
|
|
1229
|
+
│ Merchant │ ──────────────────────────────────────────► │ Refácil Pay │
|
|
1230
|
+
└─────────────────┘ └──────┬───────┘
|
|
1231
|
+
│
|
|
1232
|
+
◄──────── POST webhook (registration completed) ───────────────┘
|
|
1233
|
+
┌─────────────────┐
|
|
1234
|
+
│ API client │
|
|
1235
|
+
└─────────────────┘
|
|
1236
|
+
```
|
|
1237
|
+
|
|
1238
|
+
---
|
|
1239
|
+
|
|
1240
|
+
## Step 1 — Generate Self Register Link
|
|
1241
|
+
|
|
1242
|
+
Call **Generate Self Register Link** with:
|
|
1243
|
+
|
|
1244
|
+
- `storeId` — Your unique identifier for the merchant within your platform.
|
|
1245
|
+
- `returnUrl` — HTTPS URL where Refácil Pay will notify you when the merchant completes registration successfully (also referred to as your **webhook URL**).
|
|
1246
|
+
|
|
1247
|
+
The response contains a `link` URL. Share this link with the merchant (email, dashboard, plugin UI, etc.).
|
|
1248
|
+
|
|
1249
|
+
See the **Generate Self Register Link** request in this section for full request/response details.
|
|
1250
|
+
|
|
1251
|
+
---
|
|
1252
|
+
|
|
1253
|
+
## Step 2 — Merchant registration & webhook
|
|
1254
|
+
|
|
1255
|
+
The merchant opens the registration link and completes the Refácil Pay onboarding flow (identity verification and account setup).
|
|
1256
|
+
|
|
1257
|
+
When registration completes successfully, **Refácil Pay sends a notification to the webhook URL** (`returnUrl`) you provided in Step 1.
|
|
1258
|
+
|
|
1259
|
+
See **Registration completion webhook** in this section for payload format, headers, and signature verification.
|
|
1260
|
+
|
|
1261
|
+
> **Important:** Your webhook endpoint must be publicly reachable over HTTPS and respond with HTTP `2xx` to acknowledge receipt.
|
|
1262
|
+
|
|
1263
|
+
---
|
|
1264
|
+
|
|
1265
|
+
## Step 3 — API consumption
|
|
1266
|
+
|
|
1267
|
+
After registration, choose one of the following integration modes.
|
|
1268
|
+
|
|
1269
|
+
### Option A — Direct merchant integration
|
|
1270
|
+
|
|
1271
|
+
The registered merchant obtains their own Refácil Pay API credentials and consumes the API directly. All transactions are naturally associated with that merchant account.
|
|
1272
|
+
|
|
1273
|
+
No additional fields are required beyond the standard payment APIs documented in the **Payments** section.
|
|
1274
|
+
|
|
1275
|
+
### Option B — Delegated integration (on behalf of the merchant)
|
|
1276
|
+
|
|
1277
|
+
Your platform continues to authenticate with **your own API credentials**, but operations are executed **on behalf of the registered merchant**.
|
|
1278
|
+
|
|
1279
|
+
Include the following object in `reference2` when generating payment resources:
|
|
1280
|
+
|
|
1281
|
+
|
|
1282
|
+
**Example — Generate Payment Link (delegated mode)**
|
|
1283
|
+
|
|
1284
|
+
``` json
|
|
1285
|
+
{
|
|
1286
|
+
"expiresIn": 12360,
|
|
1287
|
+
"amount": 18000,
|
|
1288
|
+
"brandId": 61,
|
|
1289
|
+
"webhookUrl": "https://your-platform.com/webhooks/payment-status",
|
|
1290
|
+
"returnUrl": "https://your-platform.com/payment/return",
|
|
1291
|
+
"showSummary": true,
|
|
1292
|
+
"reference1": "CGOOsiYQspMpgDD",
|
|
1293
|
+
"reference2": {
|
|
1294
|
+
"Label": {
|
|
1295
|
+
"Name": "Juanita Perez",
|
|
1296
|
+
"Email": "pqacLO87V77DgF62P8PXENA==do",
|
|
1297
|
+
"CellPhone": "1VM6daPPJcXCD4Cw93272oQ==8",
|
|
1298
|
+
"PersonType": "N",
|
|
1299
|
+
"DocumentType": "C",
|
|
1300
|
+
"DocumentNumber": 79706920
|
|
1301
|
+
},
|
|
1302
|
+
"Commerce": {
|
|
1303
|
+
"origin": 1,
|
|
1304
|
+
"storeId": "12345"
|
|
1305
|
+
}
|
|
1306
|
+
}
|
|
1307
|
+
}
|
|
1308
|
+
|
|
1309
|
+
```
|
|
1310
|
+
|
|
1311
|
+
These identifiers allow Refácil Pay to associate each transaction with the correct merchant while authentication remains under your platform credentials.
|
|
1312
|
+
|
|
1313
|
+
---
|
|
1314
|
+
|
|
1315
|
+
## Related sections
|
|
1316
|
+
|
|
1317
|
+
| Section | Purpose |
|
|
1318
|
+
| --- | --- |
|
|
1319
|
+
| **Authorization** | Obtain `Bearer` token for API calls |
|
|
1320
|
+
| **Transactional token** | Required before generating payment resources |
|
|
1321
|
+
| **Payments** | Generate payment links and cash-in resources |
|
|
1322
|
+
| **Webhook Notification** | Payment status notifications (separate from registration webhook) |
|
|
1323
|
+
|
|
1324
|
+
---
|
|
1325
|
+
|
|
1326
|
+
## Best practices
|
|
1327
|
+
|
|
1328
|
+
- Generate a **unique `storeId`** per merchant and persist the mapping on your side.
|
|
1329
|
+
- Use **HTTPS** for all webhook URLs.
|
|
1330
|
+
- Implement **idempotent** webhook handlers (the same registration event may be retried).
|
|
1331
|
+
- Verify the **`x-refacil-signature`** header on registration webhooks (see webhook request).
|
|
1332
|
+
- For delegated payments, always send **`reference2.Commerce`** with both `origin` and `storeId`.
|
|
1333
|
+
- Use the **QA environment** for end-to-end testing before production certification.
|
|
1334
|
+
|
|
1335
|
+
Generates a **Self Register Link** for a merchant to onboard in Refácil Pay.
|
|
1336
|
+
|
|
1337
|
+
Use this endpoint when your platform needs to register merchants under your eCommerce integration. Provide a stable `storeId` for each merchant and an HTTPS `returnUrl` (webhook URL) to receive the registration completion notification.
|
|
1338
|
+
|
|
1339
|
+
> **Authentication:** Requires a valid Bearer token obtained from **Login** in the Authorization section.
|
|
1340
|
+
|
|
1341
|
+
|
|
1342
|
+
### Response
|
|
1343
|
+
|
|
1344
|
+
|
|
1345
|
+
### Error responses
|
|
1346
|
+
|
|
1347
|
+
| **HTTP** | **When** |
|
|
1348
|
+
| --- | --- |
|
|
1349
|
+
| **401** | Missing or invalid Bearer token. |
|
|
1350
|
+
| **403** | The eCommerce store is not associated with your account. |
|
|
1351
|
+
| **409** | Store already registered, or store configuration incomplete. |
|
|
1352
|
+
| **500** | Unexpected error. Retry with backoff; contact support if unresolved.
|
|
1353
|
+
|
|
1354
|
+
**Parámetros:**
|
|
1355
|
+
|
|
1356
|
+
| Name | Type | Description |
|
|
1357
|
+
| --- | --- | --- |
|
|
1358
|
+
| storeId | string | Campo del body: storeId |
|
|
1359
|
+
| returnUrl | string | Campo del body: returnUrl |
|
|
1360
|
+
|
|
1361
|
+
### `webhooks_merchant_registration`
|
|
1362
|
+
|
|
1363
|
+
<img src="https://content.pstmn.io/d2c9fab1-0bbf-40ea-9022-6cc52b24dbb3/aW1hZ2UucG5n" width="214" height="104">
|
|
1364
|
+
|
|
1365
|
+
This guide explains how **API clients** (eCommerce platforms, marketplaces, plugins) onboard **merchants** (their end customers) and process payments on their behalf through Refácil Pay.
|
|
1366
|
+
|
|
1367
|
+
---
|
|
1368
|
+
|
|
1369
|
+
## Overview
|
|
1370
|
+
|
|
1371
|
+
The eCommerce integration follows three steps:
|
|
1372
|
+
|
|
1373
|
+
1. **Generate a Self Register Link** — Your platform calls the API to obtain a unique registration URL for each merchant.
|
|
1374
|
+
2. **Merchant registration** — The merchant opens the link and completes onboarding in Refácil Pay.
|
|
1375
|
+
3. **API consumption** — After successful registration, process payments using either **direct** or **delegated** integration (see below).
|
|
1376
|
+
|
|
1377
|
+
> **Prerequisites:** Your platform must already be registered with Refácil Pay and have valid API credentials (`Authorization` token from the **Authorization** section).
|
|
1378
|
+
|
|
1379
|
+
---
|
|
1380
|
+
|
|
1381
|
+
## Integration flow
|
|
1382
|
+
|
|
1383
|
+
```
|
|
1384
|
+
┌─────────────────┐ POST /ecommerce/self-register/link ┌──────────────┐
|
|
1385
|
+
│ API client │ ──────────────────────────────────────────► │ Refácil Pay │
|
|
1386
|
+
│ (your platform)│ ◄──────────────── { link } ─────────────────│ │
|
|
1387
|
+
└────────┬────────┘ └──────────────┘
|
|
1388
|
+
│ share link
|
|
1389
|
+
▼
|
|
1390
|
+
┌─────────────────┐ completes registration ┌──────────────┐
|
|
1391
|
+
│ Merchant │ ──────────────────────────────────────────► │ Refácil Pay │
|
|
1392
|
+
└─────────────────┘ └──────┬───────┘
|
|
1393
|
+
│
|
|
1394
|
+
◄──────── POST webhook (registration completed) ───────────────┘
|
|
1395
|
+
┌─────────────────┐
|
|
1396
|
+
│ API client │
|
|
1397
|
+
└─────────────────┘
|
|
1398
|
+
```
|
|
1399
|
+
|
|
1400
|
+
---
|
|
1401
|
+
|
|
1402
|
+
## Step 1 — Generate Self Register Link
|
|
1403
|
+
|
|
1404
|
+
Call **Generate Self Register Link** with:
|
|
1405
|
+
|
|
1406
|
+
- `storeId` — Your unique identifier for the merchant within your platform.
|
|
1407
|
+
- `returnUrl` — HTTPS URL where Refácil Pay will notify you when the merchant completes registration successfully (also referred to as your **webhook URL**).
|
|
1408
|
+
|
|
1409
|
+
The response contains a `link` URL. Share this link with the merchant (email, dashboard, plugin UI, etc.).
|
|
1410
|
+
|
|
1411
|
+
See the **Generate Self Register Link** request in this section for full request/response details.
|
|
1412
|
+
|
|
1413
|
+
---
|
|
1414
|
+
|
|
1415
|
+
## Step 2 — Merchant registration & webhook
|
|
1416
|
+
|
|
1417
|
+
The merchant opens the registration link and completes the Refácil Pay onboarding flow (identity verification and account setup).
|
|
1418
|
+
|
|
1419
|
+
When registration completes successfully, **Refácil Pay sends a notification to the webhook URL** (`returnUrl`) you provided in Step 1.
|
|
1420
|
+
|
|
1421
|
+
See **Registration completion webhook** in this section for payload format, headers, and signature verification.
|
|
1422
|
+
|
|
1423
|
+
> **Important:** Your webhook endpoint must be publicly reachable over HTTPS and respond with HTTP `2xx` to acknowledge receipt.
|
|
1424
|
+
|
|
1425
|
+
---
|
|
1426
|
+
|
|
1427
|
+
## Step 3 — API consumption
|
|
1428
|
+
|
|
1429
|
+
After registration, choose one of the following integration modes.
|
|
1430
|
+
|
|
1431
|
+
### Option A — Direct merchant integration
|
|
1432
|
+
|
|
1433
|
+
The registered merchant obtains their own Refácil Pay API credentials and consumes the API directly. All transactions are naturally associated with that merchant account.
|
|
1434
|
+
|
|
1435
|
+
No additional fields are required beyond the standard payment APIs documented in the **Payments** section.
|
|
1436
|
+
|
|
1437
|
+
### Option B — Delegated integration (on behalf of the merchant)
|
|
1438
|
+
|
|
1439
|
+
Your platform continues to authenticate with **your own API credentials**, but operations are executed **on behalf of the registered merchant**.
|
|
1440
|
+
|
|
1441
|
+
Include the following object in `reference2` when generating payment resources:
|
|
1442
|
+
|
|
1443
|
+
|
|
1444
|
+
**Example — Generate Payment Link (delegated mode)**
|
|
1445
|
+
|
|
1446
|
+
``` json
|
|
1447
|
+
{
|
|
1448
|
+
"expiresIn": 12360,
|
|
1449
|
+
"amount": 18000,
|
|
1450
|
+
"brandId": 61,
|
|
1451
|
+
"webhookUrl": "https://your-platform.com/webhooks/payment-status",
|
|
1452
|
+
"returnUrl": "https://your-platform.com/payment/return",
|
|
1453
|
+
"showSummary": true,
|
|
1454
|
+
"reference1": "CGOOsiYQspMpgDD",
|
|
1455
|
+
"reference2": {
|
|
1456
|
+
"Label": {
|
|
1457
|
+
"Name": "Juanita Perez",
|
|
1458
|
+
"Email": "pqacLO87V77DgF62P8PXENA==do",
|
|
1459
|
+
"CellPhone": "1VM6daPPJcXCD4Cw93272oQ==8",
|
|
1460
|
+
"PersonType": "N",
|
|
1461
|
+
"DocumentType": "C",
|
|
1462
|
+
"DocumentNumber": 79706920
|
|
1463
|
+
},
|
|
1464
|
+
"Commerce": {
|
|
1465
|
+
"origin": 1,
|
|
1466
|
+
"storeId": "12345"
|
|
1467
|
+
}
|
|
1468
|
+
}
|
|
1469
|
+
}
|
|
1470
|
+
|
|
1471
|
+
```
|
|
1472
|
+
|
|
1473
|
+
These identifiers allow Refácil Pay to associate each transaction with the correct merchant while authentication remains under your platform credentials.
|
|
1474
|
+
|
|
1475
|
+
---
|
|
1476
|
+
|
|
1477
|
+
## Related sections
|
|
1478
|
+
|
|
1479
|
+
| Section | Purpose |
|
|
1480
|
+
| --- | --- |
|
|
1481
|
+
| **Authorization** | Obtain `Bearer` token for API calls |
|
|
1482
|
+
| **Transactional token** | Required before generating payment resources |
|
|
1483
|
+
| **Payments** | Generate payment links and cash-in resources |
|
|
1484
|
+
| **Webhook Notification** | Payment status notifications (separate from registration webhook) |
|
|
1485
|
+
|
|
1486
|
+
---
|
|
1487
|
+
|
|
1488
|
+
## Best practices
|
|
1489
|
+
|
|
1490
|
+
- Generate a **unique `storeId`** per merchant and persist the mapping on your side.
|
|
1491
|
+
- Use **HTTPS** for all webhook URLs.
|
|
1492
|
+
- Implement **idempotent** webhook handlers (the same registration event may be retried).
|
|
1493
|
+
- Verify the **`x-refacil-signature`** header on registration webhooks (see webhook request).
|
|
1494
|
+
- For delegated payments, always send **`reference2.Commerce`** with both `origin` and `storeId`.
|
|
1495
|
+
- Use the **QA environment** for end-to-end testing before production certification.
|
|
1496
|
+
|
|
1497
|
+
When a merchant **successfully completes registration**, Refácil Pay sends an HTTPS **POST** notification to the `returnUrl` (webhook URL) you provided in **Generate Self Register Link**.
|
|
1498
|
+
|
|
1499
|
+
This notification confirms that the merchant is ready for API consumption. It is **not** a payment status webhook — see **Webhook Notification** for transaction events.
|
|
1500
|
+
|
|
1501
|
+
### Headers sent by Refácil Pay
|
|
1502
|
+
|
|
1503
|
+
|
|
1504
|
+
### Body fields
|
|
1505
|
+
|
|
1506
|
+
|
|
1507
|
+
### Verification
|
|
1508
|
+
|
|
1509
|
+
1. Read the raw request body.
|
|
1510
|
+
2. Compute HMAC-SHA256 using your **signing secret** (provided by Refácil Pay).
|
|
1511
|
+
3. Compare with the `x-refacil-signature` header.
|
|
1512
|
+
4. Reject requests with invalid signatures.
|
|
1513
|
+
|
|
1514
|
+
### Handler requirements
|
|
1515
|
+
|
|
1516
|
+
- Respond with HTTP **2xx** to acknowledge receipt.
|
|
1517
|
+
- Implement **idempotency** using `eventId`.
|
|
1518
|
+
- Persist the `storeId` ↔ `userId` mapping for delegated integrations.
|
|
1519
|
+
|
|
1520
|
+
> **Note:** Do not expose this endpoint without signature verification.
|
|
1521
|
+
|
|
1522
|
+
**Parámetros:**
|
|
1523
|
+
|
|
1524
|
+
| Name | Type | Description |
|
|
1525
|
+
| --- | --- | --- |
|
|
1526
|
+
| refacilSignature * | string | Header personalizado: x-refacil-signature |
|
|
1527
|
+
| refacilTimestamp * | string | Header personalizado: x-refacil-timestamp |
|
|
1528
|
+
| originCommerce * | string | Header personalizado: x-origin-commerce |
|
|
1529
|
+
| storeId | string | Campo del body: storeId |
|
|
1530
|
+
| userId | number | Campo del body: userId |
|
|
1531
|
+
| eventId | string | Campo del body: eventId |
|
|
1532
|
+
| activatedAt | string | Campo del body: activatedAt |
|
|
1533
|
+
|
|
1119
1534
|
### `merchant_enrollment_data`
|
|
1120
1535
|
|
|
1121
1536
|
This service allows merchants to retrieve enrollment data for the use of the QR interoperable payment method and key creation.
|